Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Request-Id
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Request-ID
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Check
X-AspNetMvc-Version
X-Adblock-Key
Status
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Template
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Buckets
X-Type
Keep-Alive
Xkey
X-AH-Environment
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Backend
Access-Control-Max-Age
X-Age
CF-Ray
X-POWERED-BY
Upgrade
X-Server
Access-Control-Expose-Headers
EagleId
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Drupal-Dynamic-Cache
X-Pingback
X-Varnish-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Robots-Tag
Ali-Swift-Global-Savetime
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
Request-Context
Content-Location
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cnection
X-Amz-Version-Id
X-Host
X-Server-Id
X-Node
Surrogate-Control
X-Cache-Lookup
X-Backend-Server
X-Rq
X-Response-Time
X-Rack-Cache
X-WebKit-CSP
X-Readtime
X-Application-Context
EagleEye-TraceId
X-OneAgent-JS-Injection
Server-Timing
X-Cloud-Trace-Context
X-Url
Pinterest-Generated-By
X-CST
Report-To
Request-Id
X-TTL
X-Instart-Request-ID
X-Country
X-ORACLE-DMS-ECID
X-Px
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
X-Country-Code
Rating
Allow
X-Dns-Prefetch-Control
X-DataDome
X-ESI
X-Powered-CMS
X-Vname
X-PC
X-TtlSet
NEL
X-FTR-Request-ID
Charset
X-Origin-Cache
X-Server-Name
X-DynaTrace
X-DynaTrace-JS-Agent
X-MS-InvokeApp
X-Cached
X-Goog-Hash
X-Vhost
X-GitHub-Request-Id
X-Recruiting
X-VARITI-CCR
X-Varnish-TTL
RTSS
X-Version
X-F-Cache
Content-MD5
X-Cdn-Fetch
X-Exp-Id
X-Geo-Segment
X-Exp-Variant
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Powered-By-Plesk
Accept-CH
Public-Key-Pins
PB-PID
X-D2id
PB-RID
X-Mobile-Rewrite
Arc-Version
X-Mod-Pagespeed
MS-Author-Via
Verso
X-Client-IP
X-Abt-Application-Version
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-Dispatcher
SPRequestGuid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
X-N
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-Amz-Rid
Nginx-Cache
Accept-CH-Lifetime
X-Navigation-Version
X-CF-Powered-By
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
Paypal-Debug-Id
X-Forwarded-Proto
X-T
X-DIS-Request-ID
X-Origin-Upstream-Status
X-Upstream
X-Varnish-Age
X-Hits
DynaTrace
X-Grace
SPRequestDuration
SPIisLatency
Arr-Disable-Session-Affinity
X-Amz-Meta-S3cmd-Attrs
TCN
AR-ATIME
AR-PoweredBy
X-Id
X-Oracle-Dms-Rid
X-Shield-Request-Id
X-Pad
AR-CACHE
X-Content-Options
X-Content-Digest
Realpath
X-NF-Request-ID
X-Server-ID
X-HW
Access-Control-Request-Method
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Kinsta-Cache
X-IPLB-Instance
X-Acc-Meta-Resource-Type
X-Cache-Hit
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-B
X-Logged-In
X-Vcap-Request-Id
X-Debug
X-FastCGI-Cache
X-SS-Set-Cookie
X-Wix-Server-Artifact-Id
X-NewRelic-App-Data
X-XRDS-Location
X-Ser
Service-Worker-Allowed
Tracecode
S
X-MSEdge-Ref
Server-Name
X-PressLabs-Stats
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Cache-Status
X-Frontend
X-FTR-DC
Fastly-Restarts
X-Cache-Key
X-FTR-Expires
AMP-Access-Control-Allow-Source-Origin
X-Accel-Buffering
Rt-Fastcgi-Cache
X-Forwarded-For
Surrogate-Key
Fastcgi-Cache
AR-SID
Alternate-Protocol
X-Analytics
X-Cache-Rule
Backend-Timing
Eomportal-Instance
Host
X-HS-Content-Id
X-HS-Hub-Id
Cleartype
FilterID
Cache-Status
X-Srv
X-Revision
TP-L2-Cache
X-Rid
TP-Cache
Public-Key-Pins-Report-Only
X-FTR-Cache-Host
X-Debug-Info
X-User-Agent
Front-End-Https
X-Whom
X-HeyJason
X-Do-Not-Hack
Permitted-Cross-Domain-Policies
X-Akam-SW-Version
ServerID
X-Mobile
X-XRDS-LOCATION
Accept-Charset
X-Varnish-Backend
X-AOL-HN
X-Webkit-CSP
X-Cdn
X-TA-CDN-Provider
X-Iejgwucgyu
X-Cache-2
X-Kinja-Server-Push
X-GUploader-UploadID
X-Via-JSL
X-Request-Processing-Time
X-Request-Received
X-Zen-Fury
X-NWS-LOG-UUID
X-Content-Powered-By
X-RateLimit-Remaining
X-Oneagent-Js-Injection
X-Cached-By
X-Ttl
X-Correlation-Id
X-WPE-Loopback-Upstream-Addr
X-VCache
X-App-Environment
Viewport
X-LB-Cache
X-Cluster
X-Node-Name
X-Varnish-Hostname
X-Cache-Control
X-Tumblr-User
X-Magnolia-Registration
X-Page-Id
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Host-Header
X-Device-Type
X-Framework
X-Request-Guid
X-Akamai-Edgescape
X-TT
X-Handled-By
X-B-Cache
X-Signature
X-Platform-Server
X-Content-Security-Policy-Report-Only
X-FB-Debug
X-B3-Sampled
Upgrade-Insecure-Requests
X-Instance
Liferay-Portal
DC
Cache-Tag
X-BCube-Filmed-By
X-Middleton-Display
X-Sol
Display
X-Amzn-Trace-Id
X-Cache-Server
MicrosoftSharePointTeamServices
X-Hostname
X-Origin-Server
Server-Node
X-Webkit-Csp
X-TT-TIMESTAMP
X-Fastcgi-Cache
X-Accel-Expires
Retry-After
Source
X-WA-Info
X-B3-Traceid
X-Varnish-Server
X-Contextid
X-Distil-CS
X-Servedby
Server-Info
HitType
HitInfo
X-Seen-By
X-Wix-Request-Id
X-Cache-Action
Content-Style-Type
Content-Script-Type
X-Cache-Operation
X-Edge-Location
X-GeoIP
X-Amz-Replication-Status
X-S
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Webserver
SRV
X-RequestSource
User-Agent
X-Locale
X-Status
GEO-INFO
X-WebKit-CSP-Report-Only
X-Jobs
Actual-Object-TTL
X-FW-Serve
X-FW-Server
X-Edge-Cache
X-Generated-By
AsisCache
X-FW-Static
X-FW-Hash
X-Edge-Cache-Key
X-FW-Type
X-Region
X-Response-Served-From
X-Varnish-Hits
X-Adobe-Content
X-UUID
X-Drupal-Cache-Tags
X-ATG-Version
X-Adobe-Loc
ServedBy
X-TX-ID
Refresh
X-Cache-NE
Response
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Port
X-Middleton-Response
Healthy
X-APP-VERSION
X-Hyper-Cache
X-Geo-Country
X-DataStream-Cache-Status
X-Esi
Payment
X-Cache-TTL-Remaining
S-Cnection
X-Cache-Age
X-Content-Type
IBM-Web2-Location
X-Newrelic-App-Data
X-Varnish-Grace
X-Amz-Server-Side-Encryption
Datacenter
Filters
X-Daa-Tunnel
Edge-Cache-Tag
Country
X-HS-Cache-Config
NGB
X-Az
X-Activity-Id
Served-By
X-AppVersion
HostName
X-Cache-Remote
X-Pc-Key
X-Pc-Appver
X-UA
X-Pc-Hit
Powered-By-ChinaCache
X-Cache-TTL
X-Cacheable-TTL
X-Varnish-IP
X-HS-Combine-CSS
X-Sucuri-ID
X-App-Server
X-Vg-Webcache
X-Mode
X-Akamai-Transformed
X-Mrs-Age
X-Mshield-Cache-Status
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Rendered-As
X-Cache-Var-Map
X-RemovedCookies
X-Cache-Var
X-Detected-As
X-Rule
X-RN-RSRV
X-Proxied
X-ProcessESI
Meta-Geo
Load-Balancing
Machine
X-Is-Bot
X-FC-Vary-Parameters
X-Rocket-Nginx-Bypass
X-Proxy
X-CDN-Forward
User-Cache-Control
X-OCL
X-Cache-Category-Id
Webcakes-App-Name
Property-Id
TWC-Connection-Speed
X-BYPASS-REASON
Webcakes-Region
X-ProxyCache-Key
DB-Nickname
Access-Control-Allow-Method
X-Amz-Meta-Surrogate-Control
X-Varnish-Cache-Hits
X-Origin-Hint
X-ServerID
X-Tb
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Privacy
Cache-Name
X-ProxyCache-Status
X-Grey
OT-Force-Account-Verify
TWC-GeoIP-LatLong
X-PCL
TWC-Locale-Group
X-Hosted-By
X-Varnish-Cacheable
Mn-Server-Ip
TWC-Device-Class
X-Origin
Backend
X-Original-Request
X-Upgrade-Enabled
ServerName
X-Site-Version
X-Section
Now
L5d-Success-Class
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
X-Zipkin-Id
X-Routing-Service
X-Access
X-OVcl-Cache
X-Human
X-JoinUs
X-Loop
X-OVcl
X-Hit
X-Generated
X-BB-IP
X-CDN-Cache
X-EIG-Tracking-Id
X-Format
Azure-InstanceId
X-TNCMS
X-Timing-Wait
Selected-FE
X-SplitTest
X-LJ-Flow-ID
X-L-Path
X-NGENIX-Cache
X-TWH-CORRELATION-ID
X-Www-Served-By
X-VWS-Id
X-Viewer-Country
X-Via-Fastly
X-Agile
X-Agile-Age
X-Proxy-Build
X-Cache-Config
X-PERF
X-Debug-Cache
X-Environment-Context
X-Pubstack
X-IP
X-Agile-Id
X-ApacheServer
X-App-Name
X-AWS-Id
Fastcgi-X-Cache-Version
S-Rt
X-HOST
X-Upstream-HT
X-Upstream-CT
Access-Control-Request-Headers
X-NodeID
Cache-Key
Fastcgi-Useragent
Fastcgi-X-Cache
X-Origin-CC
X-Source
X-Drupal-Cache-Contexts
X-Ocache
X-URL
X-CCM
From-Origin
Pagespeed
X-Xfnlog-Site
X-Nginx-Cache
X-Backend-Name
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Unique-ID
Cache
X-App-Version
LB
X-Correlation-ID
X-Litespeed-Cache
X-Forwarded-Host
X-Akamai-Request-ID
Fastly-SSL
X-Storage
X-RateLimit-Limit
X-Vgn-Hpd-Reason
X-Pc-Date
X-Pc-Host
X-Feature
NtCoent-Length
X-Ms-Blob-Type
X-Ms-Lease-Status
ViewerVersion
X-Ms-Request-Id
X-Ms-Version
X-M-Log
X-Varnish-Beresp-Status
X-Birta-Served
X-Qnm-Cache
X-Varnish-Beresp-Grace
X-Birta-Cache-Post
X-M-Reqid
AR-Request-ID
Ar-Sid
X-NCache
X-VG-TLSProxy
X-Labrador-Cache-Channel
X-Time-Microsecs
X-Internal-Host
X-Guploader-Uploadid
X-Cluster-Node
X-Real-IP
X-Ruxit-Js-Agent
X-Real-Ip
X-Release
X-Distributor
X-Microcachable
Xserver
Time
X-EdgeConnect-Cache-Status
CACHE
X-B3-TraceId
WZWS-RAY
X-B3-Spanid
X-Powered-By-ANYU
X-Cache-Enabled
X-Dynatrace-Js-Agent
X-Sucuri-Cache
X-Request-Time
X-SERVER-NAME
X-Dispatcher-Server
Fly-Cache
Fly-Request-Id
X-No-Session
X-DPWN-IS-SECURE
X-Via-CDN
X-WebServer
Ec-Rule-Version
X-Via-SSL
X-Via-Edge
X-VG-WebServer
X-NU-AKA-ACS-Version
VivaBuild
Arc-Country
X-Destination
X-Cache-Bucket
X-A-Ccd
X-Org
X-Died
IsBot
X-Developer
X-B-Cookie
X-CF-Lambda-Fn
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-IN-WAF
NGX
Mobile-Detection-Method
Cache-Prefix
X-Connection-Hash
BehaviorPad-Version
AKAMAI
Ajk
X-Irp-Debug
X-Generation-Time
X-From
X-Logtrace-Id
X-A
X-CF-Lambda-Version
MD5-Digest
X-G
Xc-Version
X-Generated-In
Meta-Geo-Continent
ProcessTime
Viewtype
X-Rojux
X-Rewrite-Enabled
X-BB-ID
REQUESTUUID
X-S-Cookie
T-Server
X-Accel-Expires-Debug
X-Server-Time
X-Server-By
X-D
X-Application
X-CUA
X-Request-UUID
X-Date
X-Region-Sid
X-Redis-Cache
X-Cache-Backend
Server-Int
X-ARC
X-SIPLIST1
X-ScT
X-Trv-Group
V-Age
X-A-Dam
X-PAYTM-SRV-ID
X-SRCache-Key
X-Transaction
Www
X-Twitter-Response-Tags
Rendered-Blocks
X-UE-Client-Country
X-Store
X-A-Wwc
X-A-Dcw
X-A-Dgt
X-FireWall-Port
X-Web-Node
X-Varnish-Beresp-Ttl
GMS-Ver
HA-Urlpath
Backend-Name
X-CS
HA-Cloudapp
HA-Servedtime
Country-Code
HA-Geocity
HA-Georegion
X-External-Request-Id
HA-Geolon
X-Eu-Site
Magicmarker
HA-Geolat
Ha-Gx-Prefs
X-F5-Cache
HA-Geocountry
HA-Ipaddr
HA-Host
X-Crawler
Frame-Options
X-Fastly-Cache
X-Gen-Mode
X-Wikidot-Backend
X-Origin-TTL
Cneonction
X-Owner
Release
X-UnsetCookies
X-Varnish-Action
X-Node-Id
X-VCT
Pragrma
X-Block-Status
X-Phone
X-RateLimit-Remaining-Second
SN
Server-Host
PageSpeed
X-RateLimit-Limit-Second
X-Policy
X-Amz-Meta-Cache-Control
X-S-Maxage
X-Platform
Web-Mar-Node
X-Cache-CFC
NodeID
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Layer
X-Key
X-Hash
X-Hl-Ver
X-Hnp-Log
X-ShopId
X-ShardId
X-VServer
Origin-Cache-Control
X-NC
Origin-Edge-Control
X-We-Are-Hiring
X-CGP
X-Wikidot-Static-Cache
X-Alternate-Cache-Key
X-UA-Device-Type
X-GeoIP-City
X-Amz-Cf-Pop
X-Webstats-RespID
X-Endurance-Cache-Level
X-C
X-Nc
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Response-By
X-Backend-Host
X-Backend-TTL
X-Backend-Url
X-Reboot
X-Backend-State
X-Returned-From-PostProcessResponse
X-Request-URI
X-Server-IP
X-Tumblr-Pixel-3
X-TT-LOGID
X-Up
X-Var-Ttl
X-Variation
X-Thinkindot-L3
X-Swa-Ws
X-RCS-CacheZone
X-Actual-URL
X-Sf
X-Stale
X-Secret
X-Passed-To-DLL
X-Core-Mission
X-Core-Value
X-GeoIP-Country-Code
X-HTML-Minification-Powered-By
X-Clientip
X-Gannett-Site-Version
X-FW-Version
X-Developers
X-Debug-Log
X-Croise-Owner
X-Epic-Correlation-Id
X-Fetched-On
X-Instance-Name
X-Location
X-NX-Host
X-Nginx-Cache-Key
X-Passed-To
X-Passed-To-BeforeDispatch
X-Debug-Cookies
X-Cache-Expires
X-Cache-Srv
X-MI-In-Market
X-Matched-Rule
X-MSEdge-Features
X-MSEdge-Flight
X-Cache-URL
X-Passed-To-PostProcessResponse
Section-Io-Cache
Platform
Esi-Enabled
X-GZip
Powered
Proxy-Connection
MI-API
Request-Country
Heartbleed
Origin
MI-Cache-Age
MI-Cache
Kp-EeAlive
Apple-News-Services-Host
Is-Eu
Odigeo-Trace-Id
X-Dc
Request-EU
Adler-Geo
Thinkindot-Control
X-ElasticPress-Search
Uber-Trace-Id
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
CDCHOST
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Newrelic-Synthetics
Countrycode
Pagetype
X-Fstrz
Decoy-Debug-Status
Cache-Tags
X-Sn-Servicetimems
Decoy-Debug-TTL
Content-Disposition
Decoy-Debug-Key
Fastly-Backend-Name
X-ServiceProvider
X-Device-Os
HTTPS
X-V
X-Ckpd-Fst-Backend
Server-ID
Resin-Trace
RNT-Time
RNT-Machine
X-Ezoic-Cdn
True-Client-Country-4JS
X-NWS-UUID-VERIFY
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Worker
X-Content-Age
X-Cache-Host
X-Cdn-Srv
On-Server
X-Cdn-Origin
X-Trace-Id
Fastly-SWR
X-Alicdn-Da-Ups-Status
Host-ID
X-Rebelmouse-Cache-Control
X-Skip-Cache
X-Rebelmouse-Surrogate-Control
Warning
X-Surge-Debug
X-TIME
Fastly-SIE
X-CACHE-AGE
X-Servername
XServer
X-Ua
RequestId
X-GEO
MIME-Version
X-Pf-Uncompressing
X-Proto
X-Req
X-Aed
X-Csrf-Token
PFcat
Request-Time
Sid
Cteonnt-Length
We-Hiring
X-Refresh
Pramga
Mail-Subject
X-Edge-IP
X-PHP-Backend
X-Pjax-Url
X-Ratelimit-Limit
TSSecure
X-Cdn-Forward
X-Ms-Lease-State
CF-IPCountry
X-Varnish-Ttl
X-Hello
WP-Super-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Cdn
X-Planisys-CDN-Cache
X-ABtesting
X-Page-Type
X-Flog
X-Server-W
X-Atg-Version
X-CLOUD-TRACE-CONTEXT
X-Oss-Server-Time
X-Servedbyhost
X-Oss-Hash-Crc64ecma
X-COUNTRY
X-Oss-Storage-Class
X-Oss-Object-Type
X-Time
X-Oss-Request-Id
Mime-Version
X-Varnish-Url
X-Geo
X-CSRF-Token
X-Cache-ASPX
Geoip-Latitude
CDN
GeoIp-Country-Code
X-Auto-Login
Dnion-Transfer-Encoding
X-DC
X-Oracle-Dms-Ecid
X-Aicache-OS
Lfy
X-GoCache-CacheStatus
X-Unique-Id
FSS-Cache
FSS-Proxy
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Varnish-Beresp-TTL
PageType
A
X-WA
X-Akamai-Request-ID2
X-Sentry-ID
Rt-Proxy-Cache
X-Datadome
X-GRACE
MS-CV
NnCoection
X-Via-NSCOPI
X-Origin-Expires
X-EC-Security-Audit
X-Origin-Date
NODE
X-Ratelimit-Remaining
X-Cache-Control-Set-By
X-Varnish-HitMiss
Node
X-CACHE-KEY
X-Thanos
X-HCF
X-Served-From
X-MP-GENERATED-AT
X-Bip
Memcached
X-Cache-Id
X-Check-Cacheable
SD-X-WS
X-Be
X-APP
Hostname
X-Wa
X-Cache-Info
X-Use-Magma
GeoIP-Latitude
GeoIP-Country-Code
WWW-Authenticate
X-Server-Group
X-Proxy-Server
X-UPSTREAM-Address
X-Request-Start
X-NODE
X-Nananana
GeoIP-City
Memory
Geoip-City
X-SRV
X-Vcache
X-Fastly-Cache-Hits
X-PAGE-TYPE
X-Cookie
UCS
X-Wix-Route-ID
X-ServedByHost
X-Varnish-URL
PICS-Label
GW-Server
X-GDPR
X-User
X-From-Cache
X-Gen-Id
Processtime
DataCenter
Cache-Hits
X-RTag
X-Load-Cache
X-WR-MODIFICATION
X-Edge-Server
X-Fastly-Backend-Reqs
Amp-Access-Control-Allow-Source-Origin
X-HS-Status
X-FORWARDED-FOR
X-Gdpr
Cf-Ipcountry
Cdn-Host
Cdn-Request-Time
Ms-Operation-Id
Accept-Language
X-Swift-Error
Pics-Label
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PJAX-URL
COMMERCE-SERVER-SOFTWARE
Dont-Set-Cookie
X-Cache-Ttl
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Li-Fabric
X-B3-SpanId
X-Cache-Debug
X-BBXSRF
X-Path-Route
X-Cache-HT
Is-Session-Tracking
Get-Access-Time
Group
X-Env
X-PF-Uncompressing
X-Dw-Trace-Id
X-CDN-Pop
X-VG-WebCache
X-Info
Lb
X-RateLimit-Reset
X-CDN-Pop-IP
X-Optimization
X-Fe
V-Cache
X-ID
Fastly-Soc-X-Request-Id
X-Qloud-Router
SS
URI
NX-Cache
Who
X-Content-Encoded-By
Requestid
X-GZIP
X-Bug-Bounty
Serverid
X-NGINX-Cache
X-CacheKey
X-Ver
X-ServerName
AGE-Hash
X-Varnish-Info
CDN-Cache
CDN-Cache-Hit
CDN-Node
X-Cache-FS-Status
X-P-T
Xet-Cookie
X-Litespeed-Cache-Control
X-SN
X-CSRF-TOKEN
X-Akamai-SSL-Client-Sid
SID
X-RequestId
X-VC
X-Serial
X-Shard
X-SB
N-Cache
X-Akamai-ERRuleID
Https
X-Meta-Tbi-Cache-Vertical
X-Grace-Duration
X-Akamai-ERPolicy
X-Ibm-Trace
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
Ws